Aug 28, 2013, 01:00 pm EST
By Gary S. Miliefsky, CISSP®, President www.snoopwall.com
While I could suggest you rootkit your device and install iptables and Tripwire on your Android smartphone, you might be running an iPhone, a Blackberry or a Windows Smartphone. So, I’ve come up with a list of what I think are best practices for increasing privacy and security on your device without spending any money. This is based on my counterveillance research into protecting your privacy from eavesdroppers and helping you avoid getting infected with spyware that could cost you your identity.
They are, in order of importance:
1) Disable your GPS at all times except in an emergency or when you need to use your smartphone for navigation purposes;
2) Disable your NFC (Near Field Communications) permanently;
3) Disable Bluetooth at all times except when you are driving and want hands-free calls, if your car supports them;
4) Verify an app’s behavior and privacy risk BEFORE installing – do some research and ask the question “why does this app need GPS, MICROPHONE, WEBCAM, CONTACTS, etc.?” – most apps don’t need these ports unless they want to invade your privacy. Find an alternative before installing risky apps;
5) Either put masking tape over your webcam and microphone when not in use or pull the battery out of your smartphone when you are not using it.
Obviously for #1, there’s no need for geolocating you, unless you don’t mind being spied upon by malicious apps – or worse – your children’s location being monitored by online predators. Best to keep this hardware port disabled until you really need it.
For #2, you’re probably wondering “what the heck is NFC and why should I care?”. Well, it’s a new protocol for ‘bumping’ or getting close to other devices, within 3 meters or so, to exchange information such as photos and contacts. Is it secure? No. Can it be hacked just like Bluetooth? Yes. Go into your device settings, find NFC and, if you see it, disable it.
OK, for #3, you’re thinking ‘that makes sense’ – Bluetooth is an easily hacked protocol, and folks can eavesdrop on communications over Bluetooth, broadcast into your earpiece (yes, it’s been done), access your contacts list and hack your smartphone over Bluetooth. So, if you disable this protocol everywhere except when you are in the car and want a hands-free experience for making and receiving calls, you should be much more secure.
For #4, how many times do you install an app with excitement about promised features and functions, only to find that it comes with incredible privacy risk? If it’s too good to be true, it probably is, and nothing in this world is free. There are 9 major advertisement networks and some deploy spyware. Free apps use these networks to monetize their businesses, and some are developed by professional cyber criminals, by enemy nation states for spying or by hackers for malicious reasons.
I really don’t like making recommendation #5 but until you try out my SnoopWall product, there’s really nothing you can do to block webcam and microphone eavesdropping, so why not make it hard for the bad guys to see or hear anything useful?
It’s time to take control of our laptops, tablets and smartphones. It’s time to begin to reclaim our privacy. There hasn’t been a way to do it yet. There may be soon, as I’m actually working on it through my new project at www.snoopwall.com. But for now, take my five recommendations to heart, implement them if you can and enjoy a safer smartphone experience.
About the Author
Gary is the President & Founder of SnoopWall and the sole inventor of the company’s new technology. He has been active in the INFOSEC arena, most recently as the Executive Producer of Cyber Defense Magazine and prior cover story author and prior contributor to Hakin9 Magazine. He founded NetClarity, Inc., an internal intrusion defense company, based on a patented technology he invented. He is a member of ISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. He advised the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), serves on the advisory board of MITRE on the CVE Program (http://CVE.mitre.org) and is a founding Board member of the National Information Security Group (http://www.NAISG.org).